Escape texts in exported HTML (#429)

2025-08-09 03:37:54 +02:00 · 2023-02-18 18:25:54 +01:00
parent 89a9271c71
commit 74134d3896
2 changed files with 31 additions and 2 deletions
--- a/bookmarks/services/exporter.py
+++ b/bookmarks/services/exporter.py
@@ -1,3 +1,4 @@
+import html
 from typing import List

 from bookmarks.models import Bookmark
@@ -28,8 +29,8 @@ def append_list_start(doc: BookmarkDocument):

 def append_bookmark(doc: BookmarkDocument, bookmark: Bookmark):
    url = bookmark.url
-    title = bookmark.resolved_title
-    desc = bookmark.resolved_description
+    title = html.escape(bookmark.resolved_title or '')
+    desc = html.escape(bookmark.resolved_description or '')
    tags = ','.join(bookmark.tag_names)
    toread = '1' if bookmark.unread else '0'
    added = int(bookmark.date_added.timestamp())